
From tactical to strategic monitoring

Idealists in mathematics and IT are fighting to defend the principles of privacy that the world's intelligence services are working to dismantle. Mathematics is on the idealists' side – if only we bother to use it.




(THIS ARTICLE IS MACHINE TRANSLATED by Google from Norwegian)

It is now two years since Edward Snowden documented what many in the computer security community had long suspected: US intelligence collects and stores all the information it can get its hands on from the Internet and from mobile traffic – about everyone in the world. Snowden also revealed that several US online giants give the NSA access to information they have stored about their users, including private messages and emails. The move from tactical surveillance to strategic surveillance is thus almost complete: where intelligence services previously identified a target and then began monitoring that target specifically, they now collect all the information it is possible to gather, in order to build as complete an archive of all human activity as can be achieved.

Terror hysteria. Snowden's disclosures have led to much discussion about reforming the intelligence services and the sweeping powers they received after September 11, 2001. On June 2, the US Congress passed the USA Freedom Act, which is meant to restrict some of these powers. The decision came after a long process marked by heavy resistance and a watering-down of the legislative text, and the final result does not restrict the monitoring of foreign nationals on the Internet. After more than a decade of terror hysteria in which national security has trumped most other considerations, it is perhaps too optimistic to believe that Congress could curb the NSA's behavior toward the rest of the world in one fell swoop. The positive changes in the USA Freedom Act are moderate, and there is still a very long way to go to recover the rights to privacy that once existed.

Take back control. Fortunately, we have tools other than laws and regulations for reclaiming privacy as a universal principle. People who work in data security distinguish between declared privacy and built-in privacy. The most common today is declared privacy: the owner of a solution has the ability to collect information about its users, but declares that it will refrain from abusing this ability. Much of the legislation in the field is based on this model. Built-in privacy, on the other hand, means that the technical solution is built so that it cannot be abused – for example, because the company that owns the solution has no way of gathering information about the users. As things stand today, most people simply have to hope that good laws are made, trust that the laws are followed, and gamble that sensitive personal information will not be used against them at a later date.

One of the most important ways for most people to regain control of their information, and to build privacy into their activity in digital channels, is to use encryption. When you encrypt something, you use a key to transform readable text into incomprehensible ciphertext. Deciphering the result is almost impossible without the key. Encryption is thus a tool that gives ordinary people the power to secure their own privacy. One of the developers behind the anonymization tool Tor, Jacob Appelbaum, summarizes the power of encryption as follows: "No amount of violence can solve a mathematical problem." Here even the most powerful intelligence services must lose to the mathematics.

Has the crypto war been won? If we look back a few years, cryptography was an art reserved for the military and the intelligence services. In the United States, encryption technology was subject to export control in the same way as advanced weapons. At the same time, there was a need for commercial use, including to protect banking transactions. In the early 90s, in the Internet's infancy, some IT people began to see the capacity for surveillance that lay in the new technology, and thus the need for ordinary people to have access to encryption tools. It was the beginning of the first crypto war and of the cypherpunk movement, with which Julian Assange and WikiLeaks, among others, are associated. In A Cypherpunk's Manifesto, written by Eric Hughes in 1993, the position is clear: "Privacy is necessary for an open society in the electronic age," and: "Privacy in an open society also requires cryptography."


The control regime over encryption technology was challenged both by individual cypherpunks who began to create solutions for private use, and by commercial forces who saw the need to secure credit card payments over the Internet. Attempts to ban private encryption were beaten back at that time – but has the crypto war been won once and for all, or have the supporters of control simply switched strategy? Among Snowden's disclosures is the NSA program Bullrun, which is built to break established encryption methods, and we also know that technology companies are being pressured to install backdoors in their solutions so that intelligence services can retrieve information. UK Prime Minister David Cameron has called for a ban on encryption that does not have a backdoor for the intelligence services, and US President Barack Obama takes the same line when it comes to encrypted services on smartphones.

Encryption for all. Whether a new chapter in the crypto war is opening remains to be seen – but today's rapid emergence of open source encryption solutions will make the goal difficult for Cameron and Obama to reach. This is good news for journalists, activists and others who want to protect their private communications from intrusive spies. It may be possible for the intelligence services to pressure companies that own proprietary software, where the source code is secret, into giving them access. When the source code is open, on the other hand, it is more difficult to insert backdoors, and those that are inserted can in any case be detected by other developers in the international professional community. In other words, open source is an essential property of any encryption tool you use to protect your own information and communication. What, then, can be encrypted, and how?

In principle, all information can be encrypted, and how this is done determines the type of protection you get from it (see fact box). Encryption can be used to prevent unauthorized persons from reading information on your laptop or mobile phone, to encrypt information you enter into web forms, to encrypt the content of emails and messages, and even to hide your identity when you move through digital channels. However, it is important to remember that encryption is not a magic formula that protects against everything. User errors happen, software can have weaknesses, and your secrets are only as secure as the trust you place in those you share them with. An example is Chelsea Manning, who told hacker Adrian Lamo over encrypted chat that she was the source of the WikiLeaks disclosures. The encryption held, but Lamo logged the conversation and passed the log on to the FBI. The rest of the story we know all too well.

"Only" metadata. Another important thing to keep in mind when encrypting digital communications, such as email, chat, SMS and phone calls, is that it is the content that is encrypted. So-called metadata can still be collected – unless you also use anonymization tools like Tor – and can tell far more about you and your communication than data retention advocates have been willing to admit. Metadata is any information about your communication that is not the "body": the address you sent something from, what equipment you used, who you communicated with, the time, the location, the subject field of your emails, and not least the sum of your communications over time.


A study conducted by researchers at Stanford University shows how revealing such metadata can be: even in a time-limited study of a relatively small group who knew that the information was being collected, the researchers were able to link subjects to medical diagnoses, abortions, weapons purchases, trade union activity, cultivation of marijuana, participation in Alcoholics Anonymous and visits to strip clubs. One can only imagine what the sum of metadata over time can tell about a person. In addition, metadata is easier for computers to systematize and analyze than content is, so when the amount of data reaches the huge proportions you get by always monitoring everything, metadata can be even more valuable than the content of the communication.

Currently, more information is likely being collected than anyone has the capacity to analyze, but the technology needed to analyze all the information effectively is advancing rapidly. IBM is among the companies working on supercomputers that can analyze huge amounts of information about people. They even suggest that possible future uses include predicting medical diagnoses or who may commit criminal acts. It sounds like science fiction, but in light of the company's history, the concern is very real. Indeed, IBM's punch-card technology enabled a census and categorization that was highly effective for its time, and which formed the basis for the Nazi genocide of the Jews.

Take the vaccine. One consequence of Snowden's disclosures is that many more people have become aware of the dire situation we are all in when it comes to protecting privacy in digital channels, and more of them want a change. Several major companies offering hardware, software and internet services have seen the writing on the wall, and are redesigning their systems to support built-in privacy and encryption for fear of losing the next generation of users. Apple is now steering app developers toward encryption, and Wikipedia and many other websites have switched to using only encrypted connections with their readers. Facebook now offers encrypted email notifications, and many others are following. The fact that several of the online giants have begun to take encryption seriously is particularly good news, as data security works a bit like vaccines: if only a few are vaccinated, the disease will still spread. The more people in the herd who encrypt, the safer it is for everyone.

Although many good forces are working to bring about better legislation, this approach alone is likely to take a long time and produce limited results. Nor is it necessary to wait for the parliamentarians when we already have the solution and the power to enforce the privacy we want on our own. If the intelligence services will not respect our privacy, we can force them to by using encryption – and thereby also increase the pressure for better regulation. We have the power to limit the monitoring of ourselves and those we communicate with, if only we learn how to use it. As Hughes wrote in A Cypherpunk's Manifesto: "We have to defend our privacy if we expect to have one at all."


Aarseth is a freelance writer and regular contributor to Ny Tid. tori.aarseth@gmail.com.

 

Tori Aarseth
Aarseth is a political scientist and a regular journalist at Ny Tid.
